
krb5 commit: Improve pointer hygiene around gss_display_name

daemon@ATHENA.MIT.EDU (Greg Hudson)
Sat May 24 11:17:16 2014

Date: Sat, 24 May 2014 11:17:12 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201405241517.s4OFHCXo018047@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/0bf18fd4363f9f1244688daac224bd456bf52e7f
commit 0bf18fd4363f9f1244688daac224bd456bf52e7f
Author: Greg Hudson <ghudson@mit.edu>
Date:   Wed May 21 12:03:00 2014 -0400

    Improve pointer hygiene around gss_display_name
    
    GSSAPI functions are responsible for setting their output parameters
    on failure.  Take greater care to do so in krb5_gss_display_name.
    
    The mechglue is generally defensive about initializing variables used
    as outputs, and not assuming that mechs will set them on failure.
    Make gssint_convert_name_to_union_name initialize
    union_name->external_name before calling mech->gss_display_name, so
    that if the mech's gss_display_name doesn't touch it, we don't free an
    uninitialized pointer.
    
    Either one of these changes prevents an unlikely memory bug which
    could occur if krb5_gss_init_context fails within
    krb5_gss_display_name when called from
    gssint_convert_name_to_union_name.
    
    ticket: 7915 (new)
    target_version: 1.12.2

 src/lib/gssapi/krb5/disp_name.c  |    8 +++++---
 src/lib/gssapi/mechglue/g_glue.c |    2 ++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/lib/gssapi/krb5/disp_name.c b/src/lib/gssapi/krb5/disp_name.c
index 6ff2543..b097bf0 100644
--- a/src/lib/gssapi/krb5/disp_name.c
+++ b/src/lib/gssapi/krb5/disp_name.c
@@ -37,15 +37,17 @@ krb5_gss_display_name(minor_status, input_name, output_name_buffer,
     krb5_gss_name_t k5name = (krb5_gss_name_t) input_name;
     gss_OID nametype = (gss_OID) gss_nt_krb5_name;
 
+    output_name_buffer->length = 0;
+    output_name_buffer->value = NULL;
+    if (output_name_type)
+        *output_name_type = GSS_C_NO_OID;
+
     code = krb5_gss_init_context(&context);
     if (code) {
         *minor_status = code;
         return GSS_S_FAILURE;
     }
 
-    output_name_buffer->length = 0;
-    output_name_buffer->value = NULL;
-
     if (krb5_princ_type(context, k5name->princ) == KRB5_NT_WELLKNOWN) {
         if (krb5_principal_compare(context, k5name->princ,
                                    krb5_anonymous_principal()))
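Review bot: the moved initialization now covers the `krb5_gss_init_context` failure path, which previously returned `GSS_S_FAILURE` with `output_name_buffer` untouched; a caller that releases the buffer on error (as the mechglue does) would then have freed an indeterminate pointer. The `if (output_name_type)` guard is needed because `output_name_type` is an optional output per the GSS-API C bindings, so assigning `GSS_C_NO_OID` unconditionally would dereference NULL for callers that pass none. The three outputs are now set before any early return in this hunk, which is the contract the commit message states; a short comment above the block noting that outputs must be initialized before the first failure return would help keep the ordering from being reverted later.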
diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c
index e438a03..4aa3591 100644
--- a/src/lib/gssapi/mechglue/g_glue.c
+++ b/src/lib/gssapi/mechglue/g_glue.c
@@ -647,6 +647,8 @@ OM_uint32 gssint_convert_name_to_union_name(minor_status, mech,
 	    major_status = GSS_S_FAILURE;
 	    goto allocation_failure;
     }
+    union_name->external_name->length = 0;
+    union_name->external_name->value = NULL;
 
     major_status = mech->gss_display_name(minor_status,
 					  internal_name,
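Review bot: zeroing `union_name->external_name->length` and `->value` immediately after the allocation's failure check means that if `mech->gss_display_name` returns without touching the buffer, the cleanup at `allocation_failure` releases an empty buffer rather than a pointer with whatever the allocator left there. If the allocation just above uses `malloc` rather than `calloc`, consider switching it to `calloc` so every field starts zeroed; keeping the explicit assignment alongside is still worthwhile because it documents the defensive contract at the point where the mech is called. Indentation in the surrounding context mixes tabs (`major_status = GSS_S_FAILURE;` and the `goto`) with spaces on the added lines; worth normalizing in a separate whitespace-only change.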
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
